Nmap Development mailing list archives

Re: [Ncat] hang on ongoing ssl negotiation in brokering mode


From: Shinnok <admin () shinnok com>
Date: Wed, 15 Jun 2011 20:33:46 +0300

On 6/13/2011 11:09 PM, David Fifield wrote:
Argh, and there's ncat_exec_win.c that I have to handle too, if I'm not
mistaken, since I only took care of the netexec() in ncat_posix.c? Any
special comments for that, David? I see there's some playing around with
blocking/unblocking of the remote socket (@420) which might interfere
with making this work.
Yes, it should work for Windows too. You probably don't have to worry
about that blocking detail.
Fixed in r24036. I have a question though, regarding both the POSIX and Windows versions of this exec behaviour. Since exec invocations usually have data already available to send to the socket even if the SSL negotiation didn't finish, the calls to fselect() @210 in ncat_posix.c and WaitForMultipleObjects() @387 in ncat_exec_win.c will basically return the minute they are called, so no waiting is accomplished. However, I block the loops from sending that data over the socket if the SSL handshake is not completed, @253 and @415 respectively. This basically means that ncat enters an infinite loop at that point and consumes the entire CPU (or a core/thread) until that handshake is completed or abandoned. Further connections work fine and all that, but the full CPU is not nice.

My proposed solution is to time out this SSL negotiation after a specific number of seconds and then drop the connection in question once that time has passed. I welcome suggestions on this issue.
Please find a way to factor this code into its own function. It's too
much to have it repeated in each read loop.

            if (o.ssl && info->ssl && !info->ssl_accept_done) {
                /* Non-blocking SSL_accept(): one handshake step per pass
                   through the read loop. */
                int ret = SSL_accept(info->ssl);
                int sslerr = 0;
                if (ret == 1) {
                    /* Handshake finished; data may now be forwarded. */
                    info->ssl_accept_done = 1;
                    continue;
                }
                sslerr = SSL_get_error(info->ssl, ret);
                if (ret == -1 && (sslerr == SSL_ERROR_WANT_READ
                                  || sslerr == SSL_ERROR_WANT_WRITE)) {
                    /* Handshake still in progress; try again next pass. */
                    continue;
                } else {
                    /* Anything else (including ret == 0, the peer closing
                       cleanly before the handshake finished) is fatal for
                       this connection. */
                    if (o.verbose) {
                        loguser("Failed SSL connection from %s: %s\n",
                                inet_socktop(&info->remoteaddr),
                                ERR_error_string(ERR_get_error(), NULL));
                    }
                    goto loop_end;
                }
            }

David Fifield
I'm working on this right now.

Best regards,
Shinnok
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
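The following is an added example, not ncat's code and not from either participant. It shows the shape David asked for: the non-blocking handshake factored into one function that (a) waits only on the TLS socket, in the direction the handshake asked for, so a readable exec pipe cannot wake it up early, and (b) carries the deadline Shinnok proposed, dropping the connection when the peer never finishes negotiating. It is written in Ruby rather than C because Ruby's bundled openssl exposes the same calls (accept_nonblock is SSL_accept(); IO::WaitReadable and IO::WaitWritable are SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE) while letting the whole thing run offline over a socketpair. The self-signed certificate, the pipe standing in for the child's stdout, and the names drive_handshake and handshake_outcome are all constructed for this example.

```ruby
require "openssl"
require "socket"

# Throwaway self-signed certificate built in memory (constructed for this
# example; it stands in for whatever certificate ncat loads or generates).
def make_self_signed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Drive one server-side handshake to completion, failure or deadline.
# accept_nonblock is Ruby's SSL_accept(); IO::WaitReadable / IO::WaitWritable
# correspond to SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE. Between steps we
# select only on the TLS socket, in the direction the handshake asked for,
# with the remaining time budget as the select timeout. `extra_read_ios`
# exists only to reproduce the bug from the thread: adding an already
# readable exec pipe to the set makes every select return at once.
# Returns [outcome, iterations]; outcome is :ok, :timeout or :failed.
def drive_handshake(ssl, timeout, extra_read_ios: [])
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  iterations = 0
  loop do
    iterations += 1
    begin
      ssl.accept_nonblock
      return [:ok, iterations]
    rescue IO::WaitReadable, IO::WaitWritable => want
      remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
      return [:timeout, iterations] if remaining <= 0
      if want.is_a?(IO::WaitReadable)
        IO.select([ssl.to_io] + extra_read_ios, nil, nil, remaining)
      else
        IO.select(extra_read_ios, [ssl.to_io], nil, remaining)
      end
    rescue OpenSSL::SSL::SSLError, EOFError, SystemCallError
      return [:failed, iterations] # bad ClientHello, peer closed, etc.
    end
  end
end

# One handshake over a socketpair. A well-behaved client completes TLS; a
# stalled one (the case from the thread) connects and then sends nothing.
def handshake_outcome(stalled:, timeout: 0.5, watch_exec_pipe: false)
  cert, key = make_self_signed_cert
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert = cert
  server_ctx.key = key
  server_io, client_io = UNIXSocket.pair
  release = Queue.new

  client = Thread.new do
    unless stalled
      client_ctx = OpenSSL::SSL::SSLContext.new
      client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # self-signed test cert
      OpenSSL::SSL::SSLSocket.new(client_io, client_ctx).connect
    end
    release.pop # keep the connection open until the server side is done
    client_io.close
  end

  # Stand-in for the exec'd program's stdout: output is already waiting
  # before the handshake has finished (constructed sample data).
  exec_r, exec_w = IO.pipe
  exec_w.write("output produced by the child before TLS was up\n")

  ssl = OpenSSL::SSL::SSLSocket.new(server_io, server_ctx)
  result = drive_handshake(ssl, timeout,
                           extra_read_ios: watch_exec_pipe ? [exec_r] : [])
  [ssl, server_io, exec_r, exec_w].each { |io| io.close rescue nil }
  release << :done
  client.join
  result
end
```

With the exec pipe kept out of the select set, a stalled peer costs two passes through the loop (one select that sleeps for the whole budget, then the deadline check) instead of a spinning core, and the connection is dropped with :timeout; the same call with watch_exec_pipe: true reproduces the busy loop the thread describes. In ncat the C equivalent would be one helper called from both read loops, selecting only on the remote socket while ssl_accept_done is false and passing the time left until the deadline as the fselect() or WaitForMultipleObjects() timeout; the child's pending output simply stays in its pipe until the handshake is done.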
